Country Blocking

Hi ciwan 

Is there any DNAT/WAF configured in the firewall? Is there any ACL configured in the firewall?

Please refer to this thread - https://community.sophos.com/products/xg-firewall/f/firewall-and-policies/118893/geoip/431682#pi2151=3

Hi Keyur

I don't have any DNAT but i do have severals WAF configured in the firewall. No ACL configured. The referred thread is about RDP? What I need is either block the whole china region or the ip range i am receiving from the email notification above.

Thanks

Hi ciwan 

Is SSH access enabled for the WAN zone from device access? The firewall rule which you have created for "China,  in the Source Network, select WAN instead of "ANY"

Hi ciwan 

Is SSH access enabled for the WAN zone from device access? The firewall rule which you have created for "China,  in the Source Network, select WAN instead of "ANY"

Hi Keyur 

Yes SSH access enabled for the WAN zone from the device access

changed to WAN 

i'll enable the notification again, see if i receive anything again.

thanks

Hi ciwan 

I would request you to disable the SSH access for the WAN zone from Device Access, it will restrict SSH access to everyone from the WAN zone. If you want to allow specific IP, you can create Local ACL rule - https://community.sophos.com/kb/en-us/132814#Local%20Service%20ACL%20Exception%20Rule

Thanks. i've done that. Seems ok for now :)

Hi ciwan 

We glad that we could help, please reach out to us for further assistance.